From 737bef014fe3672ec91205825d5a268a2d61a099 Mon Sep 17 00:00:00 2001
From: sbidari
Date: Mon, 21 Oct 2024 18:31:57 -0400
Subject: [PATCH 1/2] create label and merging workflow
---
.github/labeler.yml | 12 ++++++++++++
.github/workflows/automerge.yml | 22 ++++++++++++++++++++++
.github/workflows/labeler.yml | 11 +++++++++++
3 files changed, 45 insertions(+)
create mode 100644 .github/labeler.yml
create mode 100644 .github/workflows/automerge.yml
create mode 100644 .github/workflows/labeler.yml
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..f5f5cfe
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,12 @@
+data-submission:
+ - all: ['model-output/**/*.csv']
+
+code:
+ - code/**/*
+
+model-metadata:
+ - all: ['model-metadata/**/*.yml', 'model-metadata/**/*.yaml']
+
+-documentation:
+ - changed-files:
+ - any-glob-to-any-file: '**/*.md'
\ No newline at end of file
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..c22f356
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,22 @@
+on:
+ pull_request:
+ types:
+ - synchronize
+ - opened
+ - edited
+ check_suite:
+ types:
+ - completed
+jobs:
+ automerge:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - id: automerge
+ name: automerge
+ uses: "pascalgn/automerge-action@v0.16.4"
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ MERGE_LABELS: "automerge,data-submission,!other-files-updated,!documentation,!code"
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 0000000..06bf83b
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,11 @@
+name: "Pull Request Labeler"
+on:
+- pull_request_target
+
+jobs:
+ labeler:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/labeler@v5
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
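Review bot: In .github/labeler.yml the last key is written `-documentation:`, which YAML reads as a label literally named `-documentation`. The `!documentation` blocker that automerge.yml depends on would then never be applied by the labeler; the key should read `documentation:`. The `data-submission`, `code` and `model-metadata` entries use the older bare-glob and `all: [...]` form, while the workflow pins actions/labeler@v5, which as far as I know expects the `changed-files:` structure used in the last entry. It is worth confirming on a test PR that those three labels are actually applied, since `!code` is one of the merge blockers.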
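Review bot: The `automerge` job in .github/workflows/automerge.yml gives a token with `contents: write` and `pull-requests: write` to a third-party action referenced by a movable tag. Pinning it to a full commit SHA, e.g. `uses: "pascalgn/automerge-action@<full-commit-sha>"  # v0.16.4` (placeholder SHA), keeps a re-pointed tag from running with merge rights. `MERGE_LABELS` also blocks on `!other-files-updated`, but no rule in .github/labeler.yml applies that label. Whether a PR touching paths outside the listed globs (for example `.github/`) is held back therefore depends entirely on how `data-submission` is matched, so either add a rule for that label or drop it from the list. A short comment above `MERGE_LABELS` saying which labels come from the labeler and which are set by hand would make the gate reviewable.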
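Review bot: The `labeler` job in .github/workflows/labeler.yml runs on `pull_request_target` without a `permissions:` block, so its `GITHUB_TOKEN` gets whatever the repository default grants, which may be broader than labeling needs. Adding `permissions:` with `contents: read` and `pull-requests: write` under the job limits the token to what the action uses. The job does not check out pull-request code, which is the right shape for this trigger. A one-line comment such as `# pull_request_target: never check out or run PR code in this job` would keep a later edit from adding a checkout step.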
From ae704bef845889e14880609734d15f78916254de Mon Sep 17 00:00:00 2001
From: sbidari
Date: Wed, 30 Oct 2024 12:46:58 -0400
Subject: [PATCH 2/2] add user validation
---
.github/workflows/validate-changes.yaml | 44 +++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .github/workflows/validate-changes.yaml
diff --git a/.github/workflows/validate-changes.yaml b/.github/workflows/validate-changes.yaml
new file mode 100644
index 0000000..a2ac947
--- /dev/null
+++ b/.github/workflows/validate-changes.yaml
@@ -0,0 +1,44 @@
+name: validate changes made by an authorized user
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+jobs:
+ restrict-changes:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Read authorized user
+ id: read_authorized_user
+ uses: jaywcjlove/github-action-read-file@main
+ with:
+ path: 'model-metadata/authorized_users.txt'
+
+ - name: Get changed files
+ id: get_changed_files
+ uses: tj-actions/changed-files@v45
+ with:
+ dir_names: 'True'
+
+ - name: Check if changes made by auth user
+ run: |
+ readarray -t lines_arr <<< "${{ steps.read_authorized_user.outputs.content }}"
+
+ for line in "${lines_arr[@]}"; do
+ dir=$(echo "$line" | awk '{print $1}')
+ user=$(echo "$line" | awk '{print $2}')
+
+ for file in ${{ steps.get_changed_files.outputs.all_modified_files }}; do
+ if [[ "$file" == "$dir" ]]; then
+ if [[ "${{ github.actor }}" != "$user" ]]; then
+ echo "Error: Only '$user' is allowed to change files in '$dir/'"
+ exit 1
+ fi
+ fi
+ done
+ done
\ No newline at end of file
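Review bot: The last step's `run:` script has `${{ steps.read_authorized_user.outputs.content }}`, `${{ steps.get_changed_files.outputs.all_modified_files }}` and `${{ github.actor }}` expanded directly into the shell text, so values taken from the pull request (changed directory names in particular) are parsed as shell code rather than data. They should reach the script through `env:` and be read as quoted variables, as in the excerpt below. Separately, `actions/checkout@v4` on a `pull_request` event checks out the PR merge ref by default, so `model-metadata/authorized_users.txt` is read from the change under review, and a PR that edits that file alters the list it is checked against. Reading the list from the base branch would close that gap. Both helper actions are referenced by movable refs (`@main`, `@v45`); pinning each to a full commit SHA is advisable for a check that acts as an authorization gate.

```yaml
      - name: Check if changes made by auth user
        env:
          AUTHORIZED_USERS: ${{ steps.read_authorized_user.outputs.content }}
          CHANGED_DIRS: ${{ steps.get_changed_files.outputs.all_modified_files }}
          ACTOR: ${{ github.actor }}
        run: |
          readarray -t lines_arr <<< "$AUTHORIZED_USERS"
          read -r -a changed_dirs <<< "$CHANGED_DIRS"

          for line in "${lines_arr[@]}"; do
            # … unchanged: dir and user parsed from "$line" with awk …
            for file in "${changed_dirs[@]}"; do
              if [[ "$file" == "$dir" && "$ACTOR" != "$user" ]]; then
                echo "Error: Only '$user' is allowed to change files in '$dir/'"
                exit 1
              fi
            done
          done
```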